Why Work with Vendors That Don’t Exhibit Cybersecurity Awareness?

If you're truly protective of your network, it's best to avoid working with vendors that don't exhibit cybersecurity awareness and don’t demonstrate cybersecurity measures in their digital interactions.

If your business lacks cybersecurity discipline and cybersecurity awareness, that’s obviously a bad thing from a security standpoint. Well, the same goes for the vendors that might do work that in some way touches your network.

Can you confidently eat at a restaurant after noticing that its bathroom is a horrendous mess? Would you take fashion advice from a salesperson who is dressed tastelessly?

I wouldn’t.

Well, if part of your job is making sure that your organization’s network is protected against cyber criminals, you should not work with a contractor that doesn’t demonstrate an appreciation for cybersecurity in its digital interactions.

My guess, however, is that most vendors make a habit of demonstrating “reckless” digital behavior. In doing so, they reveal their cyber vulnerabilities during interactions with their customers and prospective customers.

Here are some cybersecurity takeaways from Defendify:

Threat of working with a cybersecurity-ignorant contractor is real

The gateway for that cyber crime was through an HVAC contractor that worked with the retailer, Simopoulos pointed out. The hackers broke into the contractor’s network and pivoted into Target’s. In fact, 60 percent of data breaches are related to a third party, he added.

That should legitimize any concern you might have about vendors’ cybersecurity knowledge and readiness.

Your company and your customers are targets

When Simopoulos asked the Pivot to Profit crowd, mostly people running AV and security integration firms, how many have had a cyber-attack at their organizations over the past 12 months, only a smattering of hands went up. Many who didn’t raise their hands are likely wrong. Simopoulos said that 68 percent of small businesses have experienced a cyber-attack over the last year and 50 percent of these crimes target small businesses.

Cyberattacks are extremely costly

We all understand the value of physical security to protect businesses. Well, the average loss in a physical burglary is about $2,000, Simopoulos said. “In a cyber-attack it’s $117,000-plus.”

You probably don’t realize how much data you need to protect

If you aren’t concerned about your contractors’ IT security, you should be. Simopoulos polled the Pivot to Profit crowd and listed elements that companies need to protect from a data perspective. Really, he said, “it’s anything you wouldn’t be willing to put on a public-facing website,” including:

Cyber-threats come from four major sources

“Hactivists” or “hacktivism” (criminals who hack for some political motivation)

Cyber-soldiers (they might be attacking the U.S., they might be sponsored by some state)

Insider threat (sometimes it’s malicious and on purpose and other times it’s a negligent insider causing a threat)

Phishing has gotten very sophisticated

While the days of Nigerian princes hitting people up for money via email aren’t over, there are far more advanced methods of phishing today. Simopoulos pointed out that phishing emails have gotten very smart. If your employees get a notification that they’re about to receive a FedEx package, it’s pretty tempting to click for tracking information. If they get a LinkedIn invitation, it’s human nature to accept it.

“Never click on an email to accept a LinkedIn invitation,” Simopoulos said. “Go to the site or the app.”

“These criminals are often very patient. They’ll take time and research your companies and who you’re doing business with,” he added.

The reality is that there is “only one way to project yourself against” phishing, Simopoulos said. “It’s to act like very email you receive is fake. If you weren’t expecting it, you have to verify it.”

Now think about your digital interactions with vendors. How often when you send an unsolicited email do they respond by verifying that the sender is indeed you? Probably not often. But that would be a solid sign that the vendor takes cybersecurity seriously. It might make you feel comfortable doing business with it.

Tom has been covering B2B technology since 2010. He’s editorial director for MyTechDecisions and its sister brand Commercial Integrator. Before that, he covered the residential technology market for CE Pro and wrote for sports department of the Boston Herald.

Free downloadable guide you may like:

You have a great idea to improve company efficiency. Now, how do you get the budget you need to realize this vision? Our new guide provides tips to get the money you need to implement your next IT project.